1) host-based private directories

To only allow the test.example.com host (add the name/IP address in the /etc/hosts file if necessary) to access a specific directory (here private), edit the /etc/httpd/conf/httpd.conf file and paste the following lines at the end:

If during the exam or real life, you have to create the webserver directory under any location other than /var/www/, It will certainly take more time to reconfigure everything: If you look at “/etc/httpd/conf/httpd.conf” you will notice there are several lines in that file that point to “/var/www/” to set or call different things. If in an actual work case, you have to point to a different directory, then there are no issues with taking your time and changing all the paths in httpd.conf to the new location. However, during the exam you have little time to play with these… Read more »

This probably works as long as you have all symlinks in place and none of them are broken. However, what is your plan for making directories available? Say you have a private file located under /web/private/secret.html. How do you think to publish it?

2 years ago

Member

jeromeza

I’ve found that elinks doesn’t seem to handle the auth properly and I don’t get through to the private content.

Hi, how to create the Access Restricted Directory with virtual host configuration? I wrote the Directory stanza in /etc/httpd/conf.d/private.conf and create passwd file. below is my private.conf configuration:

Looks interesting. I know elinks has the same issue. I suspect it is something to do with the ciphers used.

Have you looked at the log file(s) on the server? Sometimes, these can give you a clue. There is also a debug mode called verbose. At a quick look on the man file I would suggest you look up anyauth and variation.

Sorry, but I’m still puzzled. Taking a guess based on what? The 301 redirect goes to HTTP, there is no TLS/SSL involved as far as I can tell.

1 year ago

Member

Sam

Ok I missed that. However I have come across errors where the cipher/Authorization gives strange errors. In addition I was thinking there is a difference between authorization and encryption communication.

1 year ago

Member

muhammad.shakeeb

Hi,
How can I restrict specific ip on apache 2.4.6?
My configuration is not restricting.